Precise glitching.


#1

Hello!

I am using a CW305 board and want to glitch precise clock cycles to perform Piret attacks. Is there a way that I can do this easily? I have the glitches working through the GUI, but they seem to all huddle around one area in the middle of AES, and I don’t have a great idea what the offsets and widths are really representing.

Thanks,
Chris


#2

Nice project, Chris!

Here’s a summary of the glitch module:

  • The glitch module has some clock input (either the external clock from the target or the internal CLKGEN signal in the ChipWhisperer)
  • The glitch module turns this clock signal into a short pulse. The pulse starts (Offset %) of a period after the clock’s rising edge and lasts for (Width %) of the clock period. For example, an offset of 20% and a width of 30% would create a pulse that’s 3/10 of a clock cycle long, ending at the falling edge.
  • When the glitch module receives a trigger signal, it delays for (Ext Trigger Offset) clock cycles, then it combines the input clock and the pulse for (Repeat) cycles. Usually, the output is the input clock XORed with the pulse, but you can create other outputs (like pulse only).
  • This modified clock signal can be used as a clock output or a VCC crowbar signal (for clock or voltage glitching).

You should be able to get your attack to work by selecting a good trigger offset and sweeping different widths/offsets. However, these things can be very finicky (especially on an FPGA target, where many operations are done in parallel).

Hopefully that’s enough to get you started without overloading you with info. We do have a few more ways to fine-tune glitches if you’re having no luck - let me know how it goes.

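To make the offset/width/ext_offset/repeat arithmetic from the post above concrete, here is an added example (not code from this thread or from the ChipWhisperer project) that models the glitch module's timing in pure Python, so the numbers can be sanity-checked before touching hardware. It assumes the `clock_xor` output, a 50 % duty-cycle glitch clock whose rising edge coincides with the trigger, non-negative offset/width values, and a +/-50 % parameter limit (taken as an assumption; check your board's documentation). The `GlitchSettings`, `clock_xor_output`, `high_pulse_lengths_ns` and `settings_for_time` names are this example's own, not the ChipWhisperer API.

```python
"""Timing model of the ChipWhisperer glitch module parameters.

Added example, not part of the original forum thread or the ChipWhisperer
code base.  All times are Fractions in nanoseconds so that percentage
boundaries (e.g. 20 % + 30 % == the falling edge) compare exactly.
"""
from dataclasses import dataclass
from fractions import Fraction
from typing import List, Tuple

PCT_LIMIT = Fraction(50)  # assumed hardware limit on offset/width (percent)


@dataclass(frozen=True)
class GlitchSettings:
    clk_hz: int           # glitch clock (target clock or CLKGEN), in Hz
    offset_pct: Fraction  # pulse starts this % of a period after the rising edge
    width_pct: Fraction   # pulse lasts this % of a period
    ext_offset: int       # clock cycles to wait after the trigger
    repeat: int           # consecutive cycles on which the pulse is applied

    def __post_init__(self) -> None:
        # Only the non-negative part of the range is modelled here (assumption).
        if not (0 <= self.offset_pct < PCT_LIMIT):
            raise ValueError("offset_pct outside modelled 0..50 % range")
        if not (0 < self.width_pct < PCT_LIMIT):
            raise ValueError("width_pct outside modelled 0..50 % range")
        if self.ext_offset < 0 or self.repeat < 1:
            raise ValueError("ext_offset must be >= 0 and repeat >= 1")

    @property
    def period_ns(self) -> Fraction:
        return Fraction(10**9, self.clk_hz)

    def pulse_windows_ns(self) -> List[Tuple[Fraction, Fraction]]:
        """[start, end) of each pulse, in ns after the trigger's rising edge."""
        T = self.period_ns
        windows = []
        for k in range(self.repeat):
            start = (self.ext_offset + k + self.offset_pct / 100) * T
            end = start + self.width_pct / 100 * T
            windows.append((start, end))
        return windows

    def ends_on_falling_edge(self) -> bool:
        """True for the post's example: offset 20 % + width 30 % == 50 %."""
        return self.offset_pct + self.width_pct == 50


def clock_xor_output(s: GlitchSettings, samples_per_period: int = 20) -> List[int]:
    """Sample the 'clock_xor' output (input clock XOR pulse) from the trigger
    until one cycle after the last glitched cycle.  1 = high, 0 = low."""
    T = s.period_ns
    dt = T / samples_per_period
    windows = s.pulse_windows_ns()
    n_cycles = s.ext_offset + s.repeat + 1
    out = []
    for i in range(n_cycles * samples_per_period):
        t = i * dt
        phase = (t % T) / T
        clk = 1 if phase < Fraction(1, 2) else 0          # 50 % duty, rising edge at t = 0
        pulse = 1 if any(a <= t < b for a, b in windows) else 0
        out.append(clk ^ pulse)
    return out


def high_pulse_lengths_ns(wave: List[int], dt: Fraction) -> List[Fraction]:
    """Length of every high pulse the target sees.  With clock_xor, a pulse
    placed inside the high phase shortens that cycle's high time, which is
    the runt clock edge that causes the fault."""
    lengths, run = [], 0
    for v in wave:
        if v:
            run += 1
        elif run:
            lengths.append(run * dt)
            run = 0
    if run:
        lengths.append(run * dt)
    return lengths


def settings_for_time(clk_hz: int, t_ns, width_pct, repeat: int = 1) -> GlitchSettings:
    """Inverse problem: choose ext_offset and offset so the pulse starts
    t_ns after the trigger (e.g. a cycle you have located on a trace)."""
    T = Fraction(10**9, clk_hz)
    cycles, rem = divmod(Fraction(t_ns), T)
    return GlitchSettings(clk_hz, rem / T * 100, Fraction(width_pct), int(cycles), repeat)


if __name__ == "__main__":
    # Constructed settings: 10 MHz glitch clock, the post's 20 % / 30 % pulse,
    # applied once, five cycles after the trigger.
    s = GlitchSettings(10_000_000, Fraction(20), Fraction(30), 5, 1)
    print("pulse window (ns):", s.pulse_windows_ns(), "ends on falling edge:", s.ends_on_falling_edge())
    wave = clock_xor_output(s)
    print("high pulse lengths (ns):", high_pulse_lengths_ns(wave, s.period_ns / 20))
    print("settings to hit t=520 ns:", settings_for_time(10_000_000, 520, 30))
```

With a 100 ns period the example gives a single 30 ns pulse from 520 ns to 550 ns; the target sees five normal 50 ns high phases, one shortened to 20 ns, and then normal clocks again. Raising `repeat` glitches that many consecutive cycles, which is why a sweep that only varies width/offset tends to cluster around one region: `ext_offset` is what moves the glitch along the computation.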

#3

Thanks for the response!
Do you know how many clock cycles it takes for the ChipWhisperer to complete an AES run? I need to pinpoint where the last MixColumns operation happens and glitch a specific byte of data. I kind of need to calculate this ahead of time because scanning over several ranges won’t tell me if I glitched the correct thing.

Thanks again,
Chris


#4

I don’t know exactly where the MixColumns operation happens. One thing that you could do to make this easier is to modify the AES source code so that the trigger happens in a different spot. If you set the trigger high right before MixColumns starts you should have a really good idea of where to sweep.


#5

This is not fair play! It doesn’t happen in real life :P


#6

I was able to get the glitch to work with SAD match, producing a 10-20 ns pulse followed by oscillating pulses. The first pulse is ~7 V, followed by diminishing pulses down to 1 V before converging to 0 V after a total of 10 pulses.

I need to convert these short pulses into one large 50 µs+ pulse.

I am planning to use diodes, capacitors, and resistors along with the reference below (page 23) to stretch out multiple pulses into one large pulse.
analog.com/media/en/technica … 6752fc.pdf

But why go through all that trouble if there is a better (simpler) way? I am new to the CW1200, so I thought I’d ask the forum for help.
Is there a way for the CW1200 to produce one large pulse?


#7

Surely the FPGA can do this?

I’m new to this as well.

I can see some fpga code in

\hardware\victims\cw305_artixtarget\fpga\common

and

\hardware\capture\chipwhisperer-rev2\ezusb-firmware\ztex-sdk\examples\usb-fpga-1.11

I’m currently still downloading the FPGA compiler tools, as they are a massive 6.9 GB download!